The present invention relates generally to the field of ad-hoc network implementation. More particularly, the present invention relates to systems and methods for managing digital certificate revocation for a public key infrastructure in an ad-hoc network.
An ad-hoc network is a cooperative engagement of a collection of mobile nodes without the required intervention of any centralized access point or existing infrastructure. The lack of a centralized access point or infrastructure, although increasing robustness, can create difficulties in implementing a centralized certifier hierarchy for a public key infrastructure.
In cryptography, a public key infrastructure (PKI) is an arrangement which provides for third-party vetting of, and vouching for, user identities. It also allows binding of public keys to users. This is usually carried out by software at a central location together with other coordinated software at distributed locations. The public keys are typically embodied in certificates.
Traditional use of PKI assumes a fixed network architecture. In the fixed network, nodes that fill the role of certificate authority are manually placed in an organization for efficient distribution of certificates throughout the network. This distribution normally uses a single certificate authority within the network to create, distribute, and revoke certificates for all of the members of the network. Accordingly, the single certificate authority may be configured to maintain all certificate information such that each node, upon encountering a certificate, will query the certificate authority to verify the authenticity of the certificate.
Alternatively, an ad-hoc network may be configured such that each node maintains revocation information for the entire network, and the certificate authority is configured to periodically transmit updated information. In this embodiment, the revocation list and the corresponding updates can grow to be very large, causing network overhead and reducing network throughput.
Both of these embodiments are dependent on maintaining error-free functionality for the certificate authority. Further, the certificate authority must constantly be updated to ensure that it is broadcasting the most recent revocation statuses.
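The two embodiments above trade query traffic against replication traffic, and the second grows with the total number of revocations. The following model, added here as an illustration and not part of the original specification, puts numbers on that trade-off. All message sizes, node counts and revocation rates are constructed assumptions; the delta-list variant is one way to realise the "multiple types of revocation information" the background calls for.

```python
"""Traffic model for the two revocation-distribution designs described above:
(A) a single certificate authority that every node queries per certificate
check, and (B) full replication, where every node holds the revocation list
and the authority periodically pushes updates to all nodes.

Constructed example; every size and rate below is an assumption, not a figure
from the original text.
"""
from dataclasses import dataclass

SERIAL_BYTES = 20      # assumed size of one revoked-certificate entry
QUERY_BYTES = 64       # assumed request + response size for one status query
HEADER_BYTES = 128     # assumed fixed overhead (signature, issuer, times) per list message


@dataclass
class Period:
    verifications: int    # certificate checks performed by all nodes in the period
    new_revocations: int  # certificates the authority revokes during the period


def query_model_traffic(periods, ca_available=True):
    """Design A: every verification is a round trip to the certificate authority.
    Returns (bytes_sent, checks_failed). When the authority is unreachable no
    check can complete, which is the single point of failure noted in the text."""
    checks = sum(p.verifications for p in periods)
    if not ca_available:
        return 0, checks
    return checks * QUERY_BYTES, 0


def replication_model_traffic(periods, node_count, delta=False):
    """Design B: the authority pushes revocation information to every node each period.
    With delta=False it pushes the complete list, whose size grows with every
    revocation ever issued; with delta=True it pushes only the period's new
    entries, so per-period cost stays bounded by the revocation rate."""
    total_revoked = 0
    bytes_sent = 0
    for p in periods:
        total_revoked += p.new_revocations
        entries = p.new_revocations if delta else total_revoked
        bytes_sent += node_count * (HEADER_BYTES + entries * SERIAL_BYTES)
    return bytes_sent


def compare(periods, node_count):
    """Total bytes on the network for each design over the same workload."""
    return {
        "query": query_model_traffic(periods)[0],
        "full_list": replication_model_traffic(periods, node_count),
        "delta_list": replication_model_traffic(periods, node_count, delta=True),
    }


if __name__ == "__main__":
    # constructed workload: 50 nodes, 10 periods, 200 checks and 5 revocations per period
    sample = [Period(verifications=200, new_revocations=5) for _ in range(10)]
    for name, nbytes in compare(sample, node_count=50).items():
        print(f"{name:10s} {nbytes:>8d} bytes")
```

With the constructed workload the full-list design already costs about 2.6 times the query design after ten periods, and the gap widens every period because the list never shrinks; the delta variant stays cheapest but, like the full list, still depends on every node receiving every update from a functioning authority.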
Accordingly, there is a need for a system and method configured to implement maintenance and distribution of revocation information within an ad-hoc network. Yet further, there is a need for such a system and method configured to provide for multiple types of revocation information to reduce network traffic. There is further a need for such a system and method wherein revocation information is distributed throughout the ad-hoc network in an efficient manner.
It would be desirable to provide a system and/or method that provides one or more of these or other advantageous features. Other features and advantages will be made apparent from the present specification. The teachings disclosed extend to those embodiments which fall within the scope of the appended claims, regardless of whether they accomplish one or more of the aforementioned needs.